Talk:SPG:Drafts:Data Privacy EGI CheckIn
Revision as of 08:52, 18 November 2016 by Dkelsey (talk | contribs) (→Comments from Hannah Short (8 Nov 2016))
Comments and discussion
Comments from Hannah Short (8 Nov 2016)
Minor points since this looks very thorough:
- It is potentially confusing to have two nested policies. There are references to "The Policy", "This policy", "this Policy" and it's not obvious to which one they are referring. It might be clearer to insert the word Privacy or Data Processing before each use of the word Policy
Answer from DaveK: Agreed. Now done. "Privacy Policy" and "Data Protection Policy". Also made this clearer in the Appendix I hope.
- "Stored where?" I worry this is opening a can of worms since we do not specify the actual location and readers will want to see a physical country listed. As far as I can see, this isn't a requirement of the Policy on the Processing of Personal Data
Answer from DaveK: Agreed. Potentially a BIG can of worms! In the past with the old User-level Job Accounting Policy we did require the data to be held within the EU (or country with similar data protection). In general this does not work for e-Infrastructures like WLCG where we do need to store and process outside of the EU, so our plan was that the fact that all members of the e-Infrastructure are bound by the single set of policy documents should be sufficient.